Application Whitelisting, friend or foe?

Aug 3rd, 2016 Malware, Secure Configuration James Gillies

Before we go any further, let’s ask another question: Why would we need application whitelisting? Legacy controls such as Anti-Virus have become less effective at stopping the latest threats, user permissions may not be locked down, meaning users can “run anything”. Often companies build systems which must never be changed, or are very seldom updated due to the types of business-critical information they must process;…

Encrypt, Encryption

Do we need to encrypt our data if we are not a finance company?

Jul 6th, 2016 Compliance, Secure Configuration James Gillies

Recent years have demonstrated great efforts made by organisations to encrypt any data that needs to physically leave the building where it is normally stored – the “data at rest” is made unreadable to any person or entity that is not authorised to read that data. Traditionally it is patient and finance data that have been the focus, typically stored or used on a mobile…

Least Privilege Access

Should we be looking at managing Least Privilege Access on our company networks?

Jun 17th, 2016 Secure Configuration James Gillies

If you need to ask that question, then the answer is yes! When a user is working on their computer they have certain rights and permissions to access files and run programs. Ideally those rights and permissions should conform to a model of Least Privilege Access. Least Privilege Access is a concept where users working on the network are able to do their job and…

Cyber Security Risks

How do I test the Cyber Security defences of my business?

Jun 8th, 2016 Data Breach, Network Security, Secure Configuration James Gillies

There are a few approaches for testing your Cyber Security defences your business can take if you are not already doing so. Introduce Vulnerability Assessments to the organisation. Employ a 3rd party to probe your internet-facing perimeter to discover weaknesses that a hacker could exploit, which could lead to a data breach. Having sealed up the cracks, repeat the process at least quarterly if not monthly…

Insecure Passwords

Why should I use strong passwords and does it really matter?

Anyone who has some form of online presence will have logins and passwords for various systems that they connect to. Almost all systems that you log into now are on the internet and a great deal of them store a lot of personal information about you, such as your date of birth, home address, credit card details and so on. It has also become routine…

Gravityscan Badge